I have a ToDo task to write about PKI security in SolFS, but got no time to do this :(.

PKI-based encryption is done in several steps:
1) generate a session symmetric key
2) encrypt the symmetric key with the certificate's public key and store the encrypted result somewhere.
3) decrypt the symmetric key with the certificate's private key
4) use the symmetric key to encrypt the actual data (so your above comments in code are not applicable)
5) Besides encryption callbacks, you would also need to handle hashing callbacks.

The encrypted session key and the list of certificates can be stored in the RootData of the SolFS Storage.

Steps 4 and 5 are not at all specific to SolFS but are the same as encryption and hashing of any other data. So all of the above steps can be discussed in the SecureBlackbox forum if you want to use SecureBlackbox. However, if you want to use .NET classes or another library, we won't be able to give you any serious support (regarding their use) as we don't have knowledge about them (besides very basic things).

You should keep the certificate's private key separated from the storage, of course. However, you can keep the certificates themselves in the storage (in RootData) in order to look for its private key when it's time to decrypt the data of the storage. The encrypted session key can also be kept in RootData.

RootData is never encrypted as it was designed for the task of keeping certificates and encrypted session keys.

Forgot to ask - did you read the discussion in the Borland newsgroup, or was your idea for custom encryption a coincidence?

I just thought that you don't need custom encryption to use the certificate (unless you need to move encryption from SolFS to your main code). You can generate the session key and use it as a passphrase for SolFS built-in encryption. One thing you should note, however, is that to get at least 128-bit security (and SolFS uses 256-bit keys internally) you need to have a *very* long passphrase or a 256-bit symmetric session key.

I have a question about the RootData section of a storage object. Say I have multiple files or objects that I would want to store there (certificate, configuration file for my app, maybe some other text-based files, objects, etc.). I noticed that the OpenRootData() method returns a SolFSStream but it does not appear to take a parameter such as a filename. Does this RootData section only contain one Object/File/Stream? What would be the recommended way to store multiple items here?

Would I need to create one big object that contains everything together and serialize it?

RootData is, as you have noticed, exactly one stream of data. If you have too much information to store there, you can use another SolFS storage in callback mode. Alternatively, you can use some component that works with INI files or XML files (depending on your development tool). In MsgConnect we have MCDataTree class that lets one put a registry-like structure into the stream which can be saved and loaded to/from SolFS.
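
The procedure from the thread (a session key wrapped to the certificate's public key, with the certificate and the wrapped key kept together in the single RootData stream), as an added example that is not part of the original posts and is not EldoS code. It uses .NET classes only; a MemoryStream stands in for the stream returned by OpenRootData(), and the class name, the length-prefixed record layout and the 64 KiB length limit are assumptions.

```csharp
// Added example: MemoryStream is a stand-in for the SolFS RootData stream; layout is hypothetical.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class RootDataDemo
{
    // Steps 1-2: wrap the session key to the certificate's public key, then
    // write [len][certificate DER][len][wrapped key] into the one stream.
    static void Pack(Stream rootData, X509Certificate2 cert, byte[] sessionKey)
    {
        using RSA pub = cert.GetRSAPublicKey();
        byte[] wrapped = pub.Encrypt(sessionKey, RSAEncryptionPadding.OaepSHA256);
        byte[] der = cert.Export(X509ContentType.Cert); // certificate only, no private key
        using var w = new BinaryWriter(rootData, Encoding.UTF8, leaveOpen: true);
        w.Write(der.Length); w.Write(der);
        w.Write(wrapped.Length); w.Write(wrapped);
    }
    // Step 3: read both records back and unwrap with the separately held private key.
    static byte[] Unpack(Stream rootData, RSA privateKey, out X509Certificate2 cert)
    {
        using var r = new BinaryReader(rootData, Encoding.UTF8, leaveOpen: true);
        cert = new X509Certificate2(ReadBlob(r)); // tells the caller which private key to fetch
        return privateKey.Decrypt(ReadBlob(r), RSAEncryptionPadding.OaepSHA256);
    }
    // RootData is stored unencrypted, so lengths read from it are untrusted input.
    static byte[] ReadBlob(BinaryReader r)
    {
        int n = r.ReadInt32();
        if (n <= 0 || n > 64 * 1024) throw new InvalidDataException("bad record length");
        byte[] blob = r.ReadBytes(n);
        if (blob.Length != n) throw new InvalidDataException("truncated record");
        return blob;
    }
    static void Main()
    {
        using RSA key = RSA.Create(2048); // constructed test key; a real one lives outside the storage
        var req = new CertificateRequest("CN=solfs-demo", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        byte[] sessionKey = RandomNumberGenerator.GetBytes(32); // 256-bit session key
        using var rootData = new MemoryStream();
        Pack(rootData, cert, sessionKey);
        rootData.Position = 0;
        byte[] recovered = Unpack(rootData, key, out X509Certificate2 found);
        Console.WriteLine($"{found.Subject}: {CryptographicOperations.FixedTimeEquals(sessionKey, recovered)}");
    }
}
```

The recovered 32 bytes are what would be handed to SolFS as the storage key or passphrase; that SolFS call is not shown here.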